Duo adds a layer of security to your accounts. Verifying your identity using another factor, like your mobile device or hardware token, prevents anyone but you from logging in, even if they know your password. You'll log in as usual with your username and password, and then use your device to verify that it's you.
Table of Contents
Duo Device and Software Requirements
Configuring Duo on a New Phone
Authenticate Using Duo Verified Push
Authenticate Using a Duo Token
My Primary Duo Authentication Device is Lost or Broken
Add an Additional Device to Duo Mobile
Use Duo Mobile to Protect Non-Davidson Accounts
Duo Security FAQ
Q: Why do I need Duo multifactor authentication?
A: Usernames and passwords provide some protection; however, over time bad actors have devised numerous ways to crack these credentials. In order to improve the protection of sensitive data elements, multifactor authentication (MFA), are required:
- Something you know (a password), and
- Something you have (usually a mobile device)
Q: What services are protected with Duo?
A: All applications that offer SSO (single sign-on), such as Office 365, Google Drive/GSuite, Moodle, Zoom, Slate, and Maxient require Duo multifactor authentication. Additionally, VPN access from off-campus and confidential applications like Banner and Blackbaud require Duo.
Q: What devices are supported by Duo?
A: Duo is available as a mobile app in the Apple App Store and the Google Play Store. Phones and laptops being used to log into applications that require Duo authentication must be using a browser that is no more than 365 days out of date. Further questions can be directed to the T&I Support Center at ti@davidson.edu or 704-894-2900.
Q: Once I have Duo, how can I authenticate?
A: There are several methods to authenticate in Duo:
-
Duo Mobile Push
If you use your smartphone or tablet, you can install the Duo Mobile app and send a notification to your device. To authenticate, you choose to Accept or Deny the request on your mobile device. -
Using a personal hardware token/fob
If you have a hardware token already (ex: Yubikey), you can insert the token like a USB and tap it to authenticate, or use Touch ID on a Mac. Setting up Touch ID on Mac requires access from T&I, so you will need to reach out to ti@davidson.edu for help with this. -
Using a provided Duo token
If you cannot or will not use your mobile device to authenticate, the T&I Support Center can provide you with a Duo token. You will press a button on the token to generate a passcode that you can then enter in the portal.
Q: Do I need a smartphone to use Duo? What if I don’t have a smartphone?
A: If you have a smartphone, you’ll find it makes Duo more convenient. You probably already have your smartphone with you, and it’s easy and quick to acknowledge a login through the Duo app. You can also choose to use the Duo app for multifactor protection on personal services like Gmail, Instagram, Facebook, and other sites.
If you do not own a compatible smartphone, T&I will provide one Duo key fob (for students) or one authentication key (faculty/staff) at no cost.
Q: My account is locked out. What should I do?
A: If you exceed 10 failed login attempts, your account will be locked down. Please contact the T&I Support Center at ti@.davidson.edu or 704-894-2900 for assistance.
Q: I lost or broke my primary authentication device. What should I do?
A: Please take action ASAP if you’ve lost your phone so that no unauthorized person(s) can access your account. Call 704-894-2900 to walk through your next steps.
Q: I purchased a new phone. How do I set up my new device?
You will need to contact the T&I Support Center at 704-894-2900 for assistance.
Q: I’m having trouble authenticating in Duo. What should I do?
A: Please read this article for solutions to some common authentication problems. If you still have questions or concerns, please contact the T&I Support Center at ti@davidson.edu or 704-894-2900.
Duo Device and Software Requirements
For security reasons, users are required to keep their devices up-to-date. If you are a high-risk user, you will be required by Duo to do so.
You will be warned, and perhaps blocked, whenever your OS, Flash and/or Java plugins, or browser are out of date. If you are blocked, please contact the Support Center.
Please note that these are the minimum requirements and that it's always a good idea to keep your devices up-to-date.
Mobile Device Requirements
Device Type | Supported Platform |
iOS | iOS 14.0 or newer |
Android | Android 10.0 r |
OS and Software Requirements
All users will be warned whenever your OS, Flash and/or Java plugins, or browser are out-of-date and blocked if they do not meet the following requirements:
Browser | No more than 1 year out of date |
Flash and Java plugins | No more than 1 year out of date |
Windows OS | At least Windows 7 |
macOS | At least Mac OS X 10.14 Mojave |
Additional Requirements for Applications with Highly Sensitive Data
Access to Banner Admin Pages and Etrieve is restricted to Davidson-owned workstations.
Attempts to login to Etrieve or Banner Admin Pages from a non-Davidson-owned computer will fail with an error message similar to the following:
Duo Troubleshooting
If you are having difficulties with Duo, read about some of the common issues below to help troubleshoot.
If you are using Duo Mobile, does your phone have a passcode?
For security reasons, Duo requires that high-risk users have some type of mobile device screen lock whether it’s a pattern, passcode, biometric, etc.
Is the date and time on your device correct?
In order to authenticate properly, the date and time on your device needs to be correct. You can typically set your device to automatically adjust the time settings.
Are your browser, plugins, and operating system up-to-date?
Duo requires that you keep your chosen browser, plugins, and operating system up-to-date in order to authenticate. If you see a notice from Duo that your browser is out of date, follow the instructions provided to update.
Is your Duo Mobile app updated?
All high-risk users are required to have up-to-date security updates for Duo Mobile.
Authenticate Using Duo Push
1. Unless you are using a hardware token or a security key as your 2-factor authentication device, Duo Push is configured as the default authentication method. If Duo Push is not your default authentication method in Duo, you can still perform a Duo push by clicking cancel on the initial prompt:
2. Then select Other options:
3. Under Other options to log in, select Duo Push:
4. Upon selecting Duo Push, you should see a popup similar to the one below asking you to check for the push on your device:
5. In the Duo app on your device, verify that the application name matches the name of the application you are logging in to and then select the green check mark to approve:
Authenticate Using Duo Verified Push
Risk-Based Verified Push increases the security of Duo multi-factor authentication by requiring users to enter a six-digit code that is displayed in a popup window into the Duo mobile app when Duo detects the authentication is “risky.” Requiring a verification code helps to mitigate the risk of "push harassment" attacks where multiple, successive push notifications are sent in an effort to trick users into accepting a push for a fraudulent login attempt. It also reduces the risk of "push fatigue" where users pay less attention to their logins and absent-mindedly accept a fraudulent push.
If you see a popup like the one above, Duo has detected an anomaly in your authentication and has elevated your authentication method to a verified push. To authenticate, simply enter the 6-digit code displayed on the popup into the Duo mobile app.
Some applications that contain highly sensitive data will always send a verified push. For those applications, the code will be a 3-digit code as long as Duo does not detect any anomalies in the authentication attempt. If the authentication attempt appears to be anomalous or risky, a 6-digit code will be required.
Authenticate Using a Duo Token
Supported Browsers
- Click the Device dropdown
- Choose
- Enter the passcode into the Duo portal.
My Primary Duo Authentication Device is Lost or Broken
We recommend that you contact the T&I Support Center ASAP so that we can:
- Delete the device from your account
- Set you up with a temporary Duo token for authentication until you find or replace your lost device
Add an Additional Mobile Device to Duo Mobile
The self-service device management portal previously hosted at duo.davidson.edu has been disabled. If you need to add a new device to Duo, please call our service desk at 704-894-2900.
To help protect your Duo account from unauthorized activity, you will receive a Duo push and an email notification from no-reply@duosecurity.com when you add or remove an authentication device in Duo.
Use Duo Mobile to Protect Non-Davidson Accounts
The Duo Mobile Application can not only provide a second factor for Davidson-protected services, but it can also generate passcodes to act as a second factor for other applications you might want to protect like a password manager or online banking account.
-
Check to see if your service offers multi-factor authentication (MFA). Here are some of the common applications that offer MFA: Google, LastPass, DropBox, Amazon, Twitter, Facebook.
-
Under their MFA options, choose Authenticator App or Code Generator App. The service should generate a QR code.
-
Open the Duo Mobile App on your mobile device.
-
Press the + button in the upper right hand corner, and scan the QR code. A new account should be added to your Duo Mobile App.
-
To complete 2FA setup, the service should ask you for a confirmation code. Press the key next to your account in your Duo Mobile App and it will generate a 6-digit passcode.
- From then on out, whenever you log in to that service, it should ask you to enter a 6-digit passcode from the Duo Mobile App.